d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Instant-MFC r286933:

Browse Source 
Issue warning and refuse to proceed further if the configured
repository signature_type is unsupported by bootstrap pkg(7).

Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none".  MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).

At this time, only fingerprint and none are supported by the
bootstrap pkg(7).

FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.

Errata candidate.
This commit is contained in:
delphij 2015-08-19 18:32:36 +00:00
parent 0505b0e9ea
commit 99883f69b1
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
usr.sbin/pkg/pkg.c
View File

@ -767,7 +767,13 @@ bootstrap_pkg(bool force)
goto fetchfail;
if (signature_type != NULL &&
strcasecmp(signature_type, "FINGERPRINTS") == 0) {
strcasecmp(signature_type, "NONE") != 0) {
if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
warnx("Signature type %s is not supported for "
"bootstrapping.", signature_type);
goto cleanup;
}
snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX",
getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP);
snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig",
@ -855,7 +861,13 @@ bootstrap_pkg_local(const char *pkgpath, bool force)
goto cleanup;
}
if (signature_type != NULL &&
strcasecmp(signature_type, "FINGERPRINTS") == 0) {
strcasecmp(signature_type, "NONE") != 0) {
if (strcasecmp(signature_type, "FINGERPRINTS") != 0) {
warnx("Signature type %s is not supported for "
"bootstrapping.", signature_type);
goto cleanup;
}
snprintf(path, sizeof(path), "%s.sig", pkgpath);
if ((fd_sig = open(path, O_RDONLY)) == -1) {